You Don't Want to Let Your CEO Walk Into This - Control the Narrative
Congress Grills Colonial Pipeline's CEO & Takes Him to Task Last Week For Basically No Security Plan & For Not Communicating Before Paying Ransom
Recommended Reading For Your CEO Before Testifying on Cyber Security and Data Breach
Colonial Pipeline may use recovered ransomware attack funds to boost cybersecurity
Editor: Both houses basically rip into this CEO and question his decision making and
position on cybersecurity. He wasn't prepared.
Senate Hearing: During a sometimes-tense Senate Homeland Security and
Governmental Affairs Committee hearing, Blount indicated that the company
did not consult with the FBI and other agencies before it paid the equivalent of
$4.4 million in bitcoin to regain control of its systems.
Yes, and: Blount also testified that multifactor authentication was
not used to secure the account suspected to have been exploited by hackers
to gain access to company systems and that there was no plan in place to
respond specifically to a ransomware attack.
Senators on both sides of the aisle criticized Blount, pointing out that
the FBI and other agencies recommend against paying a ransom as it can encourage
criminals to carry out future attacks and the funds could be used for criminal
activities.
“My concern is how unprepared Colonial Pipeline was,” Sen. Maggie Hassan (D-N.H.)
told reporters following the hearing. “I have small school districts in New
Hampshire that are more prepared than Colonial Pipeline appeared to be, and
that’s really concerning.”
House Hearing: Colonial Pipeline may use the recovered funds paid out to
cyber criminals as part of a ransomware attack last month to increase
cybersecurity, Joseph Blount, the company's president and CEO, said Wednesday.
“We are always in the process of hardening our systems and making investments in
IT and cybersecurity at Colonial, so your request today, and putting an
additional $2.2 million into hardening our systems further, is not a difficult
one to address and agree to,” Blount testified in response to a question
from House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) on
whether the ransom funds would be used to shore up security.
“We are making a substantial investment, and part of that reason is we have been
compromised. We’ve had criminals in our system, and we need to change a lot of
the things we already had because they would be familiar with them from having
been in the system over the course of those days,” Blount noted.
His testimony came days after the Justice Department announced that it
had recovered around $2.3 million in bitcoin from the cyber criminals
who launched a crippling ransomware attack last month against Colonial. The
funds made up the majority of the $4.4 million in bitcoin that Colonial chose to
pay hackers in order to decrypt its networks.
The attack forced the company, which provides 45 percent of the East Coast’s
fuel supply, to shut down the full pipeline for days, leading to gasoline
shortages in several states.
“I hope the FBI’s success serves as an incentive for future ransomware victims
to engage with law enforcement early,” Thompson said at the hearing. “I hope
Colonial will use the recouped money to make necessary improvements to its
cybersecurity.”
Blount personally made the decision to pay the cyber criminals behind the
attack, linked by the FBI to a Russian-based group, and reiterated Wednesday
that the decision was “the right choice to make” in order to get the pipeline up
and running again quickly.
But under questioning from Rep. Jim Langevin (D-R.I.), Blount confirmed that the
company had cyber insurance and that the original $4.4 million in bitcoin
paid out to the hackers would likely be covered.
“We’ve had cyber insurance for quite some time. We have submitted a claim for
that ransom payment, and I haven’t had that confirmed to me yet, but I
suspect that it will be covered,” Blount said, insisting that during the
response to the attack “the insurance wasn't even in the forefront of my
mind.”
Blount's comments came during the second of two hearings on Capitol Hill this
week centered on the ransomware attack on Colonial, with lawmakers
hammering him on the company’s decision to pay the ransom and its communication
with various federal agencies.
Blount testified at both the House hearing and a previous hearing before the
Senate Homeland Security and Governmental Affairs Committee that his company
was taking steps to increase cybersecurity, including through ensuring more
cybersecurity funds were available if needed.
But in the wake of a year of increasingly dire cyber incidents — such as the
separate SolarWinds hack that compromised nine federal agencies and ransomware
attacks on hospitals — some lawmakers criticized Colonial Pipeline for not
doing more earlier.
“I appreciate Colonial Pipeline's identification of places where they are now
hardening systems in response to the devastating ransomware attack in May, but
this begs an obvious question,” House Homeland Security Committee ranking member
John Katko (R-N.Y.) testified Wednesday. “If your pipeline provides fuel to
45 percent of the East Coast, why are you only hardening systems after an
attack?”
“I'm not interested in blaming the victim here, but we all must learn from these
incidents to prevent future destruction,” he said.
Langevin blasted Blount following the hearing for refusing an offer from the
Cybersecurity and Infrastructure Security Agency (CISA) to examine Colonial’s
system following the attack, with Blount testifying that “world-class
experts” hired by Colonial, such as those from FireEye, were examining the
system.
“In light of the damage caused to Colonial Pipeline, Mr. Blount’s sustained
rejection of CISA assistance is the height of irresponsibility,” Langevin
said in a statement. “Mr. Blount’s testimony raises significant questions
about whether private companies that operate systemically important critical
infrastructure like pipelines should be permitted to freeze out federal agencies
like CISA.”
The concerns in the House came the day after Blount
was grilled in the Senate about his company’s response to the attack.
Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters
(D-Mich.) told reporters following the hearing that his committee was drafting
legislation to tackle ransomware and increasing cyberattacks.
“Cyberattacks used to be merely an inconvenience,” Peters said. “We now know
they are becoming attacks on our very way of life.”
Source: thehill.com
Editor's Note: I'm leaving out my opinion on how Congress manipulated
Mr. Blount's questions and answers to make their individual points. But knowing
how they approach this and how it's structured should allow your team to
properly prepare.